Integrate IT Risk Management With Enterprise Risk

If IT security execs want great buy in for their efforts, they need to make themselves more important to the organization as a whole. According to Ericka Chickowski, this means IT governance and risk need to merge with overall enterprise risk management. This integration can make executive level support of IT security can make getting funding and resources just a matter of business instead of an outside request. Citing an Ernst & Young report, Chickowski shows how enterprise and risk management generally develops without any alignment to the rest of the business, and this is a mistake: “A challenging economy, natural disasters, and technology threats have dominated the news of recent years,” says Jerry Goldberg, partner at Navigate, a management consulting firm in Philadelphia. “Governance boards and executives are under increased scrutiny to provide shareholders with peace of mind that a company's risks — strategic, operational, financial, and compliance — are proactively being identified and mitigated.” Unfortunately, when IT risk management is siloed off from the rest of the enterprise risk management program, it becomes difficult to offer that peace of mind when communication is confused because the language that IT risk managers speak doesn't jibe with the language financial risk managers speak, for example. There are ways to bring together the different silos of risk management, including using the same process no matter what area of risk management is being addressed, utilizing risk management to help facilitate action through data mining, and helping the business determine the right balance between risk, cost, and value.

Show More

Leave a Reply


We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.